Kerberos Delegation


Kerberos Delegation ecy1 NO[at]SPAM bezeqint.net
1/29/2004 4:16:17 AM
Hi

I would like to know if Kerberos delegation is possible in
a multi-hop scenario.
For example: Is the following scenario possible?

A client C transfers its {TGT} to server "S" for
delegation. Server S will FORWARD this {TGT} to server T
for delegation again (second hop).
Server T will finally ask for a ticket from service server
Q to be able to call that service in client C's name.

The question is: Is it possible for the Kerberos
delegation algorithm to run through multiple Hops?

I have read about Kerberos and found many explanations
about Delegation but ALL described Only one hop scenario.

Does this mean that Multi Hop Scenario is not possible?

Is there an article and example showing this?

Thanks

Emmanuel Kahn
ecy1@bezeqint.net

Re: Kerberos Delegation Paul Glavich
1/30/2004 11:36:52 PM
Yes, Kerberos delegation is possible. You need to mark the account that
is to be delegated as 'delegateable'. I don't have a link handy, but I do
have a set of web articles on disk that describe how to implement
Kerberos delegation under Windows 2000. Send me offlist at
glav@aspalliance.com-NOSPAM (obviously without the -NOSPAM) and I'll
forward it to you.

- Paul Glavich
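
The C -> S -> T -> Q chain from the question, as an added example that is not part of either post: it checks the two Active Directory `userAccountControl` bits that govern Windows 2000-style delegation at each hop. The account names, the sample values and the `check_chain` helper are constructed for illustration.

```python
# userAccountControl bits (documented Active Directory values).
TRUSTED_FOR_DELEGATION = 0x80000   # service/computer account may receive a forwarded TGT
NOT_DELEGATED = 0x100000           # "Account is sensitive and cannot be delegated"
NORMAL_ACCOUNT = 0x200             # ordinary user account
WORKSTATION_TRUST = 0x1000         # computer account


def check_chain(client, hops):
    """Walk a delegation chain and report where it would stop.

    client: (name, userAccountControl) of the user being impersonated.
    hops:   ordered (name, userAccountControl) service accounts. The last
            entry is the final service; it only receives a service ticket,
            so it does not need to be trusted for delegation.
    Returns (ok, findings).
    """
    findings = []
    name, uac = client
    if uac & NOT_DELEGATED:
        findings.append(f"{name}: marked sensitive, TGT will not be forwarded")
        return False, findings

    for hop_name, hop_uac in hops[:-1]:
        if not hop_uac & TRUSTED_FOR_DELEGATION:
            findings.append(f"{hop_name}: not trusted for delegation, chain stops here")
            return False, findings
        findings.append(f"{hop_name}: trusted for delegation, can act as {name}")

    findings.append(f"{hops[-1][0]}: reached with a service ticket in {name}'s name")
    return True, findings


# Constructed sample data mirroring the scenario in the question.
CLIENT_C = ("C", NORMAL_ACCOUNT)
CHAIN_OK = [("S", WORKSTATION_TRUST | TRUSTED_FOR_DELEGATION),
            ("T", WORKSTATION_TRUST | TRUSTED_FOR_DELEGATION),
            ("Q", WORKSTATION_TRUST)]
CHAIN_BROKEN = [("S", WORKSTATION_TRUST | TRUSTED_FOR_DELEGATION),
                ("T", WORKSTATION_TRUST),   # second hop not trusted
                ("Q", WORKSTATION_TRUST)]

if __name__ == "__main__":
    for chain in (CHAIN_OK, CHAIN_BROKEN):
        ok, notes = check_chain(CLIENT_C, chain)
        print("OK" if ok else "BLOCKED")
        for note in notes:
            print("  ", note)
```

Every account with the trusted-for-delegation bit set ends up holding forwarded TGTs, so the same bit test doubles as an audit of which hosts can act as any non-sensitive user.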
